2 files changed, 18 insertions, 0 deletions

diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 0b60adf4a5d9..99c908226065 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -12,6 +12,7 @@
 #include <asm/unistd.h>
 #include <asm/ftrace.h>
 #include <asm/unwind.h>
+#include <asm/memory.h>
 #ifdef CONFIG_AEABI
 #include <asm/unistd-oabi.h>
 #endif
@@ -48,10 +49,14 @@ ret_fast_syscall:
  UNWIND(.fnstart        )
  UNWIND(.cantunwind     )
         disable_irq_notrace                     @ disable interrupts
+        ldr     r2, [tsk, #TI_ADDR_LIMIT]
+        cmp     r2, #TASK_SIZE
+        blne    addr_limit_check_failed
         ldr     r1, [tsk, #TI_FLAGS]            @ re-check for syscall tracing
         tst     r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
         bne     fast_work_pending
 
+
         /* perform architecture specific actions before user return */
         arch_ret_to_user r1, lr
 
@@ -74,6 +79,9 @@ ret_fast_syscall:
  UNWIND(.cantunwind     )
         str     r0, [sp, #S_R0 + S_OFF]!        @ save returned r0
         disable_irq_notrace                     @ disable interrupts
+        ldr     r2, [tsk, #TI_ADDR_LIMIT]
+        cmp     r2, #TASK_SIZE
+        blne    addr_limit_check_failed
         ldr     r1, [tsk, #TI_FLAGS]            @ re-check for syscall tracing
         tst     r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
         beq     no_work_pending
@@ -106,6 +114,9 @@ ENTRY(ret_to_user)
 ret_slow_syscall:
         disable_irq_notrace                     @ disable interrupts
 ENTRY(ret_to_user_from_irq)
+        ldr     r2, [tsk, #TI_ADDR_LIMIT]
+        cmp     r2, #TASK_SIZE
+        blne    addr_limit_check_failed
         ldr     r1, [tsk, #TI_FLAGS]
         tst     r1, #_TIF_WORK_MASK
         bne     slow_work_pending
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index 5814298ef0b7..b67ae12503f3 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -14,6 +14,7 @@
 #include <linux/uaccess.h>
 #include <linux/tracehook.h>
 #include <linux/uprobes.h>
+#include <linux/syscalls.h>
 
 #include <asm/elf.h>
 #include <asm/cacheflush.h>
@@ -673,3 +674,9 @@ struct page *get_signal_page(void)
 
         return page;
 }
+
+/* Defer to generic check */
+asmlinkage void addr_limit_check_failed(void)
+{
+        addr_limit_user_check();
+}